CVE-2026-40177

EUVD-2026-21575 | CRITICAL | CVSS 4.0: 9.3
2026-04-10 | GitHub_M | GHSA-3mcx-6wxm-qr8v

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Patch Released: Apr 11, 2026 - 02:30 (nvd), Patch available
Analysis Generated: Apr 10, 2026 - 20:15 (vuln.today)
EUVD ID Assigned: Apr 10, 2026 - 20:15 (euvd), EUVD-2026-21575
CVE Published: Apr 10, 2026 - 19:29 (nvd), CRITICAL 9.3

Description

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if 2FA was activated, it was possible to bypass password authentication. This vulnerability is fixed in 0.112.

Analysis

Authentication bypass in Ajenti admin panel versions prior to 0.112 allows unauthenticated remote attackers to completely circumvent password authentication when two-factor authentication (2FA) is enabled. Attackers can gain full administrative access to the Ajenti server management interface without valid credentials, compromising confidentiality and integrity of managed systems. …

Remediation

Within 24 hours: Identify all Ajenti deployments running versions prior to 0.112 and disable remote access to the admin panel or isolate affected systems behind network segmentation. Within 7 days: Contact Ajenti vendor for patch availability timeline and status; implement network-based authentication controls (VPN/IP allowlisting) for all admin panel access. …

Priority Score

46 (KEV: 0, EPSS: +0.1, CVSS: +46, POC: 0)
